Opened 3 years ago

Closed 8 weeks ago

Last modified 8 weeks ago

#17457 closed enhancement (wontfix)

Implement OMEMO

Reported by: arlolra
Owned by:
Priority: Medium
Milestone:
Component: Archived/Tor Messenger
Version:
Severity: Normal
Keywords:
Cc: sukhbir, boklm, poly@…, platypus@…, cypherpunks
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Change History (13)

comment:1 Changed 3 years ago by sukhbir

Cc: sukhbir added

comment:2 Changed 3 years ago by boklm

Cc: boklm added

comment:3 Changed 3 years ago by poly

Cc: poly@… added

comment:4 Changed 3 years ago by vegansalad

Let's bring the Axolotl ratchet encryption protocol that is used in Signal to Tor Messenger! https://github.com/trevp/axolotl/wiki

The desktop Gajim XMPP client already has an experimental OMEMO plugin here: https://github.com/kalkin/gajim-omemo

I don't know how best to represent this on TRAC, but this bug has also been filed upstream at InstantBird. You can find the issue here: https://bugzilla.mozilla.org/show_bug.cgi?id=1237416 If anyone has an account at bugzilla, it might be worth it to somehow keep both tickets updated as the other one gets updated.

From what I understand, Tor Messenger would need to implement these two ProtoXEPs to get OMEMO to work. Should I make a child ticket to add support for them? Are there other XEPs that need to be added? Do other people have other subtasks that they know would need to get done to make this transition?

https://conversations.im/xeps/omemo-filetransfer.html

XEP-xxxx: OMEMO Encrypted Jingle File Transfer
Abstract: This specification defines a Jingle application for transferring encrypted files from one entity to another. The protocol is based on the regular Jingle File Transfer specification and diverges from that only in the description of the file.

https://conversations.im/xeps/multi-end.html

XEP-xxxx: OMEMO Encryption
Abstract: This specification defines a protocol for end-to-end encryption in one-on-one chats that may have multiple clients per account.
Author: Andreas Straub

Version 0, edited 3 years ago by vegansalad

comment:5 Changed 3 years ago by cypherpunks

Since Tor Messenger doesn't need to submit to Apple's licensing war against GPL, the only 2 bits of signal to extract from your lengthy quote are:

Last edited 3 years ago by cypherpunks

comment:6 Changed 3 years ago by vegansalad

The main devs for Chatsecure, Conversations, and Monal are discussing creating a modified version of OMEMO based on the OLM protocol (which is pretty similar to what the axolotl protocol v2 looked like). https://github.com/anurodhp/Monal/issues/9

They want to build a tweaked version of something like OMEMO that would be incompatible with existing OMEMO clients, but that would be able to communicate with XMPP clients in the iOS app store like ChatSecure.

If Tor Messenger is going to implement an encryption protocol like OMEMO, it might be worth it to use the fork that these people are building instead of OMEMO itself so that Tor Messenger users can communicate with iOS users using a Signal-based encryption standard. Also, OMEMO was created by the Conversations App person, so if he is transitioning to something else, it might be good to use that instead of OMEMO.

comment:7 Changed 3 years ago by vegansalad

Seems like they are looking to base it off of the Apache 2.0 licenced OLM ratchet implementation: https://matrix.org/git/olm/ https://github.com/chrisballinger/OLMKit/tree/olmkit/xcode

comment:9 Changed 3 years ago by platypus

Cc: platypus@… added

comment:10 Changed 2 years ago by vegansalad

OMEMO is now based on the OLM Protocol instead of the Signal Protocol (formerly named the Axolotl Protocol).

It now has an official XEP: https://xmpp.org/extensions/xep-0384.html

Both OMEMO and OLM have been audited by third parties:
https://conversations.im/omemo/audit.pdf
https://www.nccgroup.trust/us/our-research/matrix-olm-cryptographic-review/

Some of this content is outdated, but a lot of documentation was written a few months ago about OMEMO here: https://we.riseup.net/riseup/xmpp

OMEMO is being ported to Profanity.im as well https://github.com/boothj5/profanity/issues/658

Usability for the only desktop client that supports OMEMO currently, Gajim, is not perfect. https://current.workingdirectory.net/posts/2017/encrypted-mucs/

It'd be great to see Tor Messenger work with InstantBird in order to support OMEMO.

What are some blockers that prevent this from happening?

comment:11 Changed 12 months ago by vegansalad

Any updates on this? I saw that OMEMO integration was being discussed upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1237416

The best mobile XMPP client, Conversations, is deprecating OTR support in their 2.0 version and will make OMEMO default: https://twitter.com/iNPUTmice/status/939171488942436352

It's time to play some catch up and get OMEMO to finally work in Tor Messenger! Thoughts?

comment:12 Changed 8 months ago by cypherpunks

Cc: cypherpunks added

ChatSecure has implemented this as well and it works quite nicely, just that messages are not syncing to Tor Messenger as there's no OMEMO support :/

comment:13 Changed 8 weeks ago by traumschule

Resolution: wontfix
Status: new → closed

<+sukhe> hello. yes, I think it's fine to close the tickets. thanks for doing what we should have done earlier :)

sad but true:
https://blog.torproject.org/sunsetting-tor-messenger

luckily there are alternatives:
https://blog.torproject.org/tor-heart-onion-messaging

.. and maybe someday

Last edited 8 weeks ago by traumschule